abaez.hashicluster.consul_acl_policy (1.2.3) — module
Consul ACL policy management for v1.5.0
Added in version: N/A of abaez.hashicluster
Authors: Alejandro Baez (@abaez)
preview | supported by community

Install with:

ansible-galaxy collection install abaez.hashicluster:==1.2.3

collections:
  - name: abaez.hashicluster
    version: 1.2.3

This module lets you add an ACL policy to Consul.
It uses the new ACL format introduced in Consul v1.4.0.
For more information on Consul's ACL rules, see https://www.consul.io/docs/acl/acl-rules.html.

# Create a policy
- name: Create a new policy
  consul_acl_policy:
    address: '127.0.0.1:8500'
    management_token: 85e55057-a260-44ed-961b-e05eaff181fc
    state: present
    description: Nice policy to give no access
    name: hello world
    rules: '{{ rules | to_json }}'
  vars:
    rules:
      agent_prefix:
        '':
          policy: read
  register: create_new_policy_result

# Read an existing policy
- name: Read an existing policy
  consul_acl_policy:
    address: '127.0.0.1:8500'
    management_token: 85e55057-a260-44ed-961b-e05eaff181fc
    state: present
    policy_id: 19577e59-4928-4ff0-9be4-cf4c2fa44e71
  register: read_policy_result

# Update an existing policy
- name: Update an existing policy
  consul_acl_policy:
    address: '127.0.0.1:8500'
    management_token: 85e55057-a260-44ed-961b-e05eaff181fc
    state: present
    policy_id: 19577e59-4928-4ff0-9be4-cf4c2fa44e71
    name: 'magical_unique_policy'
    rules: '{{ rules | to_json }}'
  vars:
    rules:
      agent_prefix:
        '':
          policy: deny
      agent:
        'foo':
          policy: write
  register: update_policy_result

# Delete an existing policy
- name: Delete an existing policy
  consul_acl_policy:
    address: '127.0.0.1:8500'
    management_token: 85e55057-a260-44ed-961b-e05eaff181fc
    state: absent
    policy_id: 19577e59-4928-4ff0-9be4-cf4c2fa44e71
  register: delete_policy_result

name:
  description:
    - A unique name of the policy you wish to create or modify.
    - Required when C(state=present)
  required: false
  type: str
rules:
  description:
    - A JSON string with ACL rules as defined in Consul's guide here
    - https://www.consul.io/docs/acl/acl-rules.html
    - Required when C(state=present)
  required: false
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Whether the policy should be present or absent from Consul
  required: false
  type: str
address:
  default: The environment variable CONSUL_HTTP_ADDR
  description:
    - The URL to connect to Consul. Using '<schema>://<domain>:<port>'.
    - For a unix domain socket, give 'unix:' with literal location.
    - 'Example: ''unix:///var/run/consul/http.sock''.'
  required: true
  type: str
policy_id:
  description:
    - A UUID of an already existing policy.
    - You must define this when modifying an existing policy.
  required: false
  type: str
datacenters:
  default: []
  description:
    - Limits which datacenters the policy can be used in.
  required: false
  type: list()
description:
  description:
    - A readable short description of the policy.
  required: false
  type: str
management_token:
  default: The environment variable CONSUL_HTTP_TOKEN
  description:
    - A token with permissions to create or modify the policy.
  required: true
  type: str

changed:
  description: Whether the policy has been created or modified.
  returned: always
  type: bool
datacenters:
  description: A list of datacenters to filter the policy.
  returned: changed
  sample:
    - us-east-1
  type: list()
description:
  description: A short description of the policy.
  returned: success and I(status) != "absent"
  type: str
policy_id:
  description: A UUID for the given policy.
  returned: success
  sample: a2ec332f-04cf-6fba-e8b8-acf62444d3da
  type: str
rules:
  description: A JSON object of rules for the policy.
  returned: success
  sample:
    key:
      bar:
        policy: deny
      foo:
        policy: write
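
An added example, not part of the module or its documentation: a pre-flight lint for the JSON string passed to `rules`, so malformed or overly broad rules are caught before the task sends them to Consul. The resource and policy names are assumptions taken from Consul's ACL rules documentation for the v1.4+ format; `lint_rules`, `GOOD` and `BROAD` are hypothetical names.

```python
import json

# Assumption: resource names and policy levels below follow Consul's ACL rules
# documentation for the v1.4+ policy format; extend them for your Consul version.
PREFIXED = {"agent", "event", "key", "node", "query", "service", "session"}
SCALAR = {"acl", "keyring", "operator"}
LEVELS = {"read", "write", "deny"}


def lint_rules(rules_json):
    """Return a list of findings for a rules JSON string; empty means clean."""
    try:
        rules = json.loads(rules_json)
    except (TypeError, ValueError) as exc:
        return [f"rules is not valid JSON: {exc}"]
    if not isinstance(rules, dict):
        return ["rules must be a JSON object keyed by resource type"]
    findings = []
    for resource, body in rules.items():
        base = resource[:-7] if resource.endswith("_prefix") else resource
        if resource in SCALAR:  # these take a policy level directly
            if not isinstance(body, str) or body not in LEVELS:
                findings.append(f"{resource}: invalid policy {body!r}")
            continue
        if base not in PREFIXED:
            findings.append(f"{resource}: unknown resource type")
            continue
        if not isinstance(body, dict):
            findings.append(f"{resource}: expected an object of name -> policy")
            continue
        allowed = LEVELS | {"list"} if base == "key" else LEVELS
        for name, rule in body.items():
            level = rule.get("policy") if isinstance(rule, dict) else None
            if not isinstance(level, str) or level not in allowed:
                findings.append(f"{resource}[{name!r}]: invalid policy {level!r}")
            elif resource.endswith("_prefix") and name == "" and level == "write":
                findings.append(f"{resource}['']: write on the empty prefix covers every {base}")
    return findings


# Constructed samples: GOOD mirrors the rules in the update example on this page.
GOOD = json.dumps({"agent_prefix": {"": {"policy": "deny"}}, "agent": {"foo": {"policy": "write"}}})
BROAD = json.dumps({"key_prefix": {"": {"policy": "write"}}, "node": {"web": {"policy": "rw"}}})

if __name__ == "__main__":
    for sample in (GOOD, BROAD):
        print(lint_rules(sample) or "ok")
```
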